SB2017042017 - Multiple vulnerabilities in MediaWiki
Published: April 20, 2017 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2016-6331)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
2) Information disclosure (CVE-ID: CVE-2016-6332)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
3) Information disclosure (CVE-ID: CVE-2016-6335)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
4) Improper access control (CVE-ID: CVE-2016-6336)
The vulnerability allows a remote authenticated user to manipulate data.
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
5) Improper access control (CVE-ID: CVE-2016-6337)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
Remediation
Install update from vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1369613
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
- https://phabricator.wikimedia.org/T115333
- https://phabricator.wikimedia.org/T129738
- https://phabricator.wikimedia.org/T139565
- https://phabricator.wikimedia.org/T139570
- https://phabricator.wikimedia.org/T132926
- https://phabricator.wikimedia.org/T139670